Apparatus and methods for managing content exchange on a wireless device

ABSTRACT

Apparatus, methods, computer readable media and processors operable on a wireless device may provide an anti-spam engine operable to intercept content intended for and/or generated by client applications, and filter out unwanted content. The anti-spam engine may include a configurable module having a spam filter that may determine whether content is unwanted. Based on the result of subjecting the content to the spam filter, the anti-spam engine may forward the content to the intended client application and/or a network destination, and/or may generate a spam log. The anti-spam module may be further operable to forward the spam log to another device, such as a user manager device, operable to analyze the log and generate a report which may be viewable by an operator.

CLAIM OF PRIORITY UNDER 35 U.S.C. §119

The present Application for Patent claims priority to ProvisionalApplication No. 60/665,305 entitled “Methods and Apparatus forPreventing Unauthorized Downloads to a Wireless Device,” filed Mar. 25,2005, assigned to the assignee hereof and hereby expressly incorporatedby reference herein.

FIELD OF INVENTION

The described embodiments generally relate to wireless communicationdevices and computer networks, and more particularly relate to apparatusand methods for detecting unauthorized content on a wireless device.

BACKGROUND

Wireless networking connects one or more wireless devices to othercomputer devices without a direct electrical connection, such as acopper wire or optical cable. Wireless devices communicate data,typically in the form of packets, across a wireless or partiallywireless computer network and open a “data” or “communication” channelon the network such that the device can send and receive data packets.The wireless devices often have wireless device resources, such asprograms and hardware components, which individually and cooperativelyoperate to use and generate data in accordance to their design andspecific protocol or configuration, such as using open communicationconnections to transmit and receive data on the network.

Wireless devices are being manufactured with increased computingcapabilities and are becoming tantamount to personal computers andinclude such features as Internet browsing, instant messaging (“IM”),E-mail, and text messaging, including Short Message Service andMultimedia Messaging Service (“SMS/MMS”). Because such featuresfacilitate direct contact with a wireless device user, these messagingclients have become targets for unauthorized, unsolicited, and in mostcases unwanted, messages and/or viruses, herein referred to as “spam.”

Spamming may be loosely defined as the use of any electroniccommunications medium to send unsolicited messages and/or viruses inbulk and by definition, occurs without the permission of the recipient.While its use is usually limited to indiscriminate bulk mailing and notany targeted marketing, the term “spam” can refer to any commerciallyoriented, unsolicited bulk mailing perceived as being excessive andundesired. Although the most common form of spam is that delivered inE-mail, spammers have developed a variety of spamming techniques, whichvary by media: E-mail spam, instant messaging spam, Usenet newsgroupspam, Web search engines spam, weblogs spam, and mobile phone messagingspam.

Spam by E-mail is a type of spam that involves sending identical (ornearly identical) messages to thousands (or millions) of recipients.Spammers often harvest addresses of prospective recipients from Usenetpostings and/or web pages, obtain them from databases, or simply guessthem by using common names and domains.

Instant messaging (“IM”) systems, such as Yahoo! Messenger, AIM, MSNMessenger and ICQ, are popular targets for spammers. Many IM systemsoffer a directory of users, including demographic information such asage and sex. Advertisers can gather this information, sign on to thesystem, and send unsolicited messages.

Mobile phone spam, in some forms, includes spamming directed at mobilephone text messaging services and can be especially irritating to usersnot only for the inconvenience but also because they may have to pay toreceive the unsolicited and often unwanted text message. Mobile phonespam may also include any type of content that can be received by amobile phone, such as audio content, video content, software programs,etc., and combinations thereof.

Several methods of message analysis to protect networks from spaminclude fingerprinting and rules-based scoring. Fingerprintingtechnology takes a “digital picture” of each message and matches itagainst known profiles of spam messages to detect unwanted email andflag it as spam. Rule-based scoring involves scoring messages against adatabase of spam rules, assigning scores to messages based on uniquecharacteristics of spam and legitimate email. When a score of a messageexceeds a defined threshold, it is flagged as spam.

The approach to anti-spam filtering at the wireless user device level,has for the most part, been accomplished by incorporating an anti-spammodule within each messaging client application. However, if anti-spamcode is integrated within each client application, e.g., E-mail, MMS,SMS, and IM, much valuable handset storage/memory is wasted doingessentially the same function, that being anti-spam filtering.

Furthermore, if the functionality of an anti-spam module is limited tofiltering spam after being received by the wireless device, thefiltering does nothing to address the equally if not more importantissue of network congestion due to a flood of spam traversing thenetwork. A network, accurately sized for a certain bandwidth oflegitimate traffic (plus a little extra) may be hard pressed to maintainthe designed-to quality-of-service in the presence of millions ofinstances spam content directed to an equally large and growing numberof wireless devices hosting several content consuming clientapplications.

Accordingly, it would be advantageous to provide an apparatus and methodthat provides a single ubiquitous anti-spam module that may beconfigured to monitor all content incoming to a wireless device prior tobeing received by any client application. Furthermore, it would beadvantageous to provide an apparatus and method operable to analyze theeffect of the spam filtering on the wireless device with the goal ofblocking further spam attacks.

SUMMARY

The described embodiments comprise apparatus, methods, computer readablemedia and processors operable on a wireless device to provide a singleubiquitous anti-spam detection mechanism capable of filtering outunwanted content, such as unauthorized and/or unsolicited content and/orviruses, i.e., spam, within a data stream received from a wirelessnetwork and intended for a client application resident on the wirelessdevice, and/or within a data stream generated on the wireless device andintended for transmission to a remote device on the wireless network.

Furthermore, such apparatus and methods may include the forwarding ofinformation regarding the detected unwanted content to a user managerand/or operator for further analysis and report generation. Furthermore,the network carrier may be informed of the unwanted content for thepurpose of blocking the future propagation of unwanted contentthroughout the network.

In some aspects, a method for filtering content on a wireless devicecomprises intercepting content on the wireless device prior to deliveryof the content to a content destination. The method further comprisesanalyzing the content based on a content filter to determine if thecontent comprises unwanted content, wherein the content filter isselected from a plurality of content filters based on at least one of anetwork service provider associated with the wireless device, a hardwarecharacteristic associated with the wireless device, a predeterminedcharacteristic associated with the content destination, and a hardwarerequirement associated with the content. Additionally, the methodcomprises, based upon the analyzing of the content, forwarding thecontent to the content destination or quarantining the content. In otheraspects, at least one processor may perform the above-defined actions.In yet other aspects, a machine-readable medium may compriseinstructions which, when executed by a machine, cause the machine toperform the above-defined operations.

In some other aspects, a wireless device comprises means forintercepting content on the wireless device prior to delivery of thecontent to a content destination. The wireless device further comprisesmeans for analyzing the content based on a content filter to determine acontent classification, wherein the content filter is selected from aplurality of content filters based on at least one of a network serviceprovider associated with the wireless device, a hardware characteristicassociated with the wireless device, a predetermined characteristicassociated with the content destination, and a hardware requirementassociated with the content. Additionally, the wireless device comprisesmeans for forwarding the content to the content destination orquarantining the content, based upon the content classification.

In yet other aspects, a wireless device comprises an anti-spam engineoperable to intercept content on the wireless device prior to deliveryof the content to a content destination, the anti-spam engine comprisinga content filter selected from a plurality of content filters based onat least one of a network service provider associated with the wirelessdevice, a hardware characteristic associated with the wireless device, apredetermined characteristic associated with the content destination,and a hardware requirement associated with the content. Additionally,the wireless device comprises control logic associated with theanti-spam engine and operable to apply the content filter to the contentand determine if the content comprises unwanted content, wherein thecontrol logic is further operable to forward the content to the contentdestination if the content does not comprise unwanted content orquarantine the content if the content comprises unwanted content.

In still further aspects, a method for managing the filtering of contenton a wireless device comprises providing a predetermined content filterand a reporting parameter to the wireless device and receiving, based onthe reporting parameter, a spam log relating to content on the wirelessdevice and subjected to the predetermined content filter. Further, themethod comprises generating a report based on the spam log. In otheraspects, at least one processor may perform the above-defined actions.In yet other aspects, a machine-readable medium may compriseinstructions which, when executed by a machine, cause the machine toperform the above-defined operations.

In other aspects, an apparatus for managing the filtering of content ona wireless device comprises means for providing a predetermined contentfilter and a reporting parameter to the wireless device, and means forreceiving, based on the reporting parameter, a spam log relating tocontent received by the wireless device and subjected to the contentfilter. Additionally, the apparatus comprises means for generating areport based on the spam log.

In further aspects, an apparatus for managing the filtering of contenton a wireless device comprises a generator module operable to generate acontent filter configuration comprising at least one predeterminedcontent filter and a reporting parameter. Further, the apparatuscomprises an anti-spam module operable to forward the content filterconfiguration to the wireless device and operable to receive, based onthe reporting parameter, a spam log relating to content received by thewireless device and subjected to the spam filter. Additionally, theapparatus comprises a report generator operable to generate a reportbased on the spam log.

BRIEF DESCRIPTION OF THE DRAWINGS

The disclosed embodiments will hereinafter be described in conjunctionwith the appended drawings provided to illustrate and not to limit thedisclosed embodiments, wherein like designations denote like elements,and in which:

FIG. 1 is a schematic diagram of one aspect of a system for preventingpredetermined content from being received by and/or sent from clientapplications on a wireless device;

FIG. 2 is a schematic diagram of one aspect of a wireless deviceaccording to FIG. 1;

FIG. 3 is a schematic diagram of one aspect of a memory residentanti-spam engine according to the wireless device of FIG. 2;

FIG. 4 is a schematic diagram of one aspect of a user manager accordingto the system of FIG. 1;

FIG. 5 is a schematic diagram of one aspect of a configuration generatormodule according to the user manager of FIG. 4;

FIG. 6 is a schematic diagram of one aspect of a device control moduleaccording to the user manager of FIG. 4;

FIG. 7 is a schematic diagram of one aspect of an operator workstationaccording to the system of FIG. 1;

FIG. 8 is a schematic diagram of one aspect of a cellular telephonenetwork according to FIG. 1;

FIG. 9 is a flowchart diagram of a method for preventing unauthorizeddownloads to a wireless device according to the system of FIG. 1;

FIG. 10 is another flowchart diagram of a method for preventingunauthorized downloads to a wireless device according to the system ofFIG. 1;

FIG. 11 is an event sequence diagram operable in some embodiments of thesystem of FIG. 1; and

FIG. 12 is another event sequence diagram operable in some embodimentsaccording to the system of FIG. 1.

DETAILED DESCRIPTION

Referring to FIG. 1, a system 100 for detecting unwanted content on awireless device, including preventing the receipt and/or transmission ofsuch content, may comprise a wireless device 102 operable to receive acontent filter configuration 170 from a user manager 110. Unwantedcontent, or spam, may include unauthorized or unsolicited content and/orviruses. Content filter configuration 170 defines parameters for thefiltering of content using filter module 180, for the recording ofdetails associated with filtered content in a spam log 184, and for theforwarding of log 184 to the user manager 110 or another device foranalysis.

For example, an operator workstation 114 may be configured to receive aspam report 205 generated by a report generator 204 associated with usermanager 110 and may further be configured to communicate future spamblocking instructions 116 to a message center 118. Communication betweenwireless device 102, user manager 110, operator workstation 114, andmessage center 118 may be accomplished via network 101.

Content filter configuration 170, and corresponding filter module 180,may include one or more content filters to apply to incoming and/oroutgoing content. The content filter utilized by wireless device 102 maybe selected from a plurality of content filters based on, for example,at least one of a network service provider associated with the wirelessdevice, a hardware characteristic associated with the wireless device, apredetermined characteristic associated with the content destination,and a hardware requirement associated with the content.

For example, wireless device 102 may operate on a home wireless networkprovided by a network service provider, but the device may roam out ofthe home network into another wireless network under the control ofanother network service provider. Since spam may affect the performanceof the given wireless network, each wireless service provider may defineand provide a custom content filter to be used by any wireless deviceoperating on their wireless network.

In another example, the content filter may vary depending on thehardware characteristics of a given wireless device. For instance, ahardware characteristic such a processor type/capability, speakertype/capability, ringer type/capability, display type/capability, and amemory type/capability may affect whether or not a given wireless devicecan efficiently process a given content. For example, a given contentcomprising a given ring tone may require sounds not capable of beinggenerated by a given ringer associated with a given wireless device, andthus the given content may be considered spam for the given device.Thus, a given content that adversely affects a hardware characteristicof one wireless device may be classified as spam for that device, whilethe same content may be classified as not spam for another wirelessdevice having different hardware characteristics.

Similarly, the content filter may vary depending on a predeterminedcharacteristic associated with the content destination. For instance, inthe case of incoming content received by the wireless device, thepredetermined characteristic associated with the content destination maycomprise, for example, an identification of a destination clientapplication resident on the wireless device. In other words, contentdefined or classified as spam may vary depending upon whether thecontent is destined for a browser as opposed to a text messaging client.In the case of outgoing content intended from transmission from thewireless device, the predetermined characteristic associated with thecontent destination may comprise, for example, a number contentdestinations associated the content. In other words, sending of morethan a predetermined number of copies of the same content may be definedas spamming.

Similarly, the content filter may vary depending on a hardwarerequirement associated with the content. For instance, the hardwarerequirement may comprise, for example, at least one of a wireless deviceprocessor type/capability/capacity usage, an audio componenttype/capability/usage, a video component type/capability/usage, and awireless device memory type/capability/usage. In other words, forexample, spam may be defined as requiring more than a predeterminedamount of the total capacity of a given wireless device hardwareresource. By using too much capacity, a given content may adverselyaffect the overall performance of the wireless device, and/or may affectthe performance of other applications executing on the wireless device.

Wireless device 102 may include any type of computerized device such asa cellular telephone, personal digital assistant, two-way text pager,portable computer, and even a separate computer platform that has awireless communications portal, and which also may have a wiredconnection to a network or the Internet. The wireless device can be aremote-slave, or other device that does not have an end-user thereof,but simply communicates data across the wireless network 101, such asremote sensors, diagnostic tools, and data relays.

Wireless device 102 includes an anti-spam engine module 138 thatmonitors incoming and/or outgoing content and filters out unwanted,unsolicited and/or unauthorized content and/or viruses, collectivelyreferred to as spam. Anti-spam module 138 may be loaded into a memory136 of wireless device 102 in a number of ways, including but notlimited to: statically installed at the factory 106; by wirelesstransmission over a wireless network, such as network 101; and, over ahardwired connection, such as via a personal computer (PC). Wirelessdevice 102 may be delivered to a network carrier and/or some otherretailer for sale and delivery to a user and activation on a network.

Once a wireless device 102 is activated by a carrier, applicationclients and wireless device components/ports/interfaces for sending andreceiving content may be operable on the wireless device 102. Forexample, application clients may include, but are not limited to,clients such as instant messaging (“IM”), E-mail, and messaging clients,such as a Short Message Service (SMS) client and a Multimedia MessagingService (MMS) client, and a browser. Wireless devicecomponents/ports/interfaces may include any point of content entry into,and/or any point of content exit from wireless device, as will bediscussed in more detail below. Targeting these client applications andcomponents/ports/interfaces, advertisers and other spam generators 122of unsolicited communications may then gain access to network 101 andobtain the address information of wireless device 102. Armed with suchinformation, such as a phone number and/or Internet Protocol (IP)address, a spam generator 122 may start sending spam 124 to the wirelessdevice 102 via message center 118 and wireless link 120. Spam 124 may beany content that is unsolicited, unwanted, and/or unauthorized by theuser of wireless device 102 and/or by the operator and/or networkservice provider associated with network 101. Furthermore, spam,intentionally or unintentionally generated by a client application, maybe transmitted to the network, thereby degrading network availability.

Anti-spam engine module 138 is operable to intercept all incomingcontent and/or all outgoing content, and to filter out contentdetermined to be unauthorized and/or unsolicited and/or unwanted and/ora virus based upon configurable parameters to be discussed in detailherein.

In one aspect, the anti-spam engine 138 may quarantine the detected spamin a quarantine folder and may generate a spam log with details of thedetected spam. Further, in another aspect, based upon a configurablereporting parameter, the anti-spam engine 138 may transmit the spam logto the user manager 110 over wireless link 108.

The user manager 110 may receive the log, analyze the data and generatea report. The user manager 110 may, for example, E-mail the report overcommunication channel 126 to an operator workstation 114, or otherwisemake the contents of the report viewable to an operator.

The operator may analyze the report and, based upon that analysis, mayissue a command 112 to the user manager 110 with instructions to updatethe anti-spam engine 138, for example, to update the filteringcharacteristics of the engine to detect new forms of spam. Furthermore,the operator workstation 114 may transmit instructions 116 to themessage center 118 to block further access of spam generator 122 to thenetwork 101.

Referring to FIG. 2, wireless device 102 may comprise a computerplatform 130 interconnected with an input mechanism 132 and an outputmechanism 134 respectively providing inputs and outputs forcommunicating with resident applications. For example, input mechanism132 may include, but is not limited to, a mechanism such as a key orkeyboard, a mouse, a touch-screen display, and a voice recognitionmodule. Output mechanism 134 may include, but is not limited to, adisplay, an audio speaker, and a haptic feedback mechanism.

Computer platform 130 may further include a communications module 152embodied in hardware, software, firmware, executable instructions dataand combinations thereof, operable to receive/transmit and otherwiseenable communication between components within the wireless device 102,as well as to enable communications between the wireless device 102 andother devices, such as serially connected devices as well as devicesconnected via an air interface, such as network 101. Communicationsmodule 152 receives content 160, either from one or more clientapplications 140 and/or from input mechanism 132 on wireless device 102and/or from another device in communication with wireless device 102,and cooperates with anti-spam engine 138 to analyze content 160 beforeallowing the content to be transmitted from and/or received by thewireless device.

As noted above, communications module 152 may comprise anycomponent/port/interface that may include any point of content entryinto, and/or any point of content exit from wireless device. As such,communications module 152 may include interface components for hardwiredcommunications and for wireless communications. For example,communications module 152 may include, but is not limited to,communication interface components such as a serial port, a universalserial bus (USB), a parallel port, and air interface components forwireless protocols/standards such as Wi-Fi, World Interoperability forMicrowave Access (WiMAX), infrared protocols such as Infrared DataAssociation (IrDA), short-range wireless protocols/technologies,Bluetooth® technology, ZigBee® protocol, ultra wide band (UWB) protocol,home radio frequency (HomeRF), shared wireless access protocol (SWAP),wideband technology such as a wireless Ethernet compatibility alliance(WECA), wireless fidelity alliance (Wi-Fi Alliance), 802.11 networktechnology, public switched telephone network, public heterogeneouscommunications network such as the Internet, private wirelesscommunications networks, land mobile radio networks, code divisionmultiple access (CDMA), wideband code division multiple access (WCDMA),universal mobile telecommunications system (UMTS), advanced mobile phoneservice (AMPS), time division multiple access (TDMA), frequency divisionmultiple access (FDMA), orthogonal frequency division multiple access(OFDMA), global system for mobile communications (GSM), single carrier(1X) radio transmission technology (RTT), evolution data only (EV-DO)technology, general packet radio service (GPRS), enhanced data GSMenvironment (EDGE), high speed downlink data packet access (HSPDA),analog and digital satellite systems, and any othertechnologies/protocols that may be used in at least one of a wirelesscommunications network and a data communications network.

Computer platform 130 may also include memory 136, which may comprisevolatile and nonvolatile memory such as read-only and/or random-accessmemory (RAM and ROM), EPROM, EEPROM, flash cards, or any memory commonto computer platforms. Further, memory 136 may include one or more flashmemory cells, or may comprise any secondary or tertiary storage device,such as magnetic media, optical media, tape, or soft or hard disk.

Memory 136 may be operable to store one or more client applications 140,including, but not limited to: a web browser client; an IM client; amessaging client, such as a SMS text messaging client and/or a MMSmultimedia messaging client; and an E-mail client.

Furthermore, anti-spam engine 138 may be stored in memory 136 and isoperable to intercept content 160 received by the communications module152 that, in the absence of anti-spam engine 138, would be forwardeddirectly from the communications module 152 to a respective contentdestination, such as a resident client application and/or a remotedevice located across a wireless network. With anti-spam engine 138 inplace, content determined to be spam may be blocked, while legitimatecontent may be forwarded to the respective content destination. Itshould be noted that anti-spam engine 138 may be configured to filterall content 160 received by communications module 152, or only selectedcontent received from selective sources/interfaces, for example, onlycontent for one or more predetermined client applications 140 and/oronly content received at a predetermined port such as a USB.

Further, computer platform 130 may include a processing engine 148,which may be an application-specific integrated circuit (“ASIC”), orother chipset, processor, logic circuit, or other data processingdevice. Processing engine 148 is operable to execute an applicationprogramming interface (“API”) layer 146 that may interface with anyresident programs, such as the anti-spam engine 138, and clientapplications 140.

In one non-limiting aspect, API 146 is a runtime environment executingon the respective wireless device. One such runtime environment isBinary Runtime Environment for Wireless® (BREW(g) software developed byQualcomm, Inc., of San Diego, Calif. Other runtime environments may beutilized that, for example, operate to control the execution ofapplications on wireless computing devices.

Still referring to FIG. 2, processing engine 148 may include one or acombination of processing subsystems 150 that provide functionality towireless device 102. In a cellular phone example, processing subsystems150 may include subsystems such as: sound, non-volatile memory, filesystem, transmit, receive, searcher, layer 1, layer 2, layer 3, maincontrol, remote procedure, handset, power management, diagnostic,digital signal processor, vocoder, messaging, call manager, Bluetooth®system, Bluetooth® LPOS, position determination, position engine, userinterface, sleep, data services, security, authentication, USIM/SIM,voice services, graphics, USB, multimedia such as MPEG, GPRS, etc.

Non-limiting, processing subsystems 150 may include any subsystemcomponents that interact with applications executing on computerplatform 130. For example, processing subsystems 150 may include anysubsystem components that receive data reads and data writes from API146 on behalf of the resident anti-spam engine 138 and any other memoryresident client application 140.

Referring to FIG. 3, anti-spam engine 138 may monitor and analyzecontent generated by, and/or designated for receipt by, any clientapplication 140. Anti-spam engine 138 may be any one or a combination ofhardware, software, firmware, executable instructions and data.

The anti-spam engine 138 may comprise an anti-spam engine identification(ID) 139 that identifies the anti-spam engine, and control logic 162operable to manage all functions and components of the anti-spam engine138. For example, anti-spam engine ID 139 may include one or more of aname, a version, etc. Further, anti-spam engine 138 may include acontent filter configuration file 170 that defines a content filter 182to apply to incoming content. For example, content filter 182 may be afilter mechanism included in content filter configuration file 170, maybe a reference to a remotely-stored filter mechanism, or may be anidentification of a filter mechanism stored within filter module 180resident on wireless device 102. Further, control logic 162 inconjunction with statistic collector/reporter module 168, is operable toapply the designated content filter 182 to content 160 and identify orclassify the content as being spam or non-spam, and further collectinformation associated with the filtering and classification operations.Additionally, anti-spam engine 138 may store filtered content in aquarantine folder 164, and may store at least portions of the filteredcontent and/or additional content-related information in a spam log 184that is used to report the activity of anti-spam engine 138. Further,anti-spam engine 138 may include a User Interface (“UI”) 166 thatassists a user, such as a local user of wireless device 102 or aremotely located user in communication with wireless device 102, inoperating anti-spam engine 138.

For example, UI 166, in conjunction with the input mechanism 132, may beoperable by the end user to configure at least a portion of thecapabilities of the anti-spam engine 138, including content filtering,reporting, quarantining, and disposing of detected spam.

Besides being configurable by the user, the content filter configurationfile 170 may be downloaded to memory 136 via wireless transmission overa wireless network 101, statically installed by the OEM 106 (FIG. 1) atthe time of manufacture, and downloaded via hardwired connection to apersonal computer (PC). For example, content filter configuration file170 may be set by an operator associated with a network service providerand transmitted to wireless device 102 via user manager server 110.

Content filter configuration file 170 may include any combination of oneor more sets of parameters that dictate the spam filtering, recordingand reporting activities to be performed by wireless device 102. Forexample, content filter configuration file 170 may include a set ofparameters to apply to all content, regardless of the destination of thecontent. Alternatively, content filter configuration file 170 mayinclude a destination-specific set of parameters corresponding to one ormore of the resident client applications 140 (FIG. 2) capable ofreceiving content from network 101, and/or one or more contentdestinations on wireless network 101.

As such, in some aspects, content filter configuration file 170 mayinclude one or more of the following parameters: a content destination172 which identifies a client application 140 and/or a network device onwireless network 101 corresponding to the given set of parameters, suchthat the given set of parameters are applied to content designated forthe corresponding content destination; a content filter 182 thatidentifies a content filter to be applied to the corresponding content;a predetermined filter test result 174 associated with the given contentfilter and/or the content destination, where the predetermined filtertest result 174 is a limit that is compared to a filter test resultgenerated by applying content filter 182 to incoming and/or outgoingcontent, and where the predetermined filter test result 174 defines spamand non-spam content; a storage limit parameter 176 associated withquarantined spam content, for example, storage limit parameter 176 mayindicate a number of days to keep quarantined content beforeautomatically deleting the content, and/or may indicate a maximum amountof memory to be utilized to store quarantined content; a reportingparameter 178 which defines what information to log corresponding to anydetected spam, when to forward the log for analysis, to whom to forwardthe log and/or whom to allow access to the log; and a configurationidentification (ID) 171, such as one or more of a name, a version, etc.,that identifies the given set of parameters associated with the givenconfiguration.

Anti-spam engine 138 may be operable based upon at least one of severalspam detection mechanisms, referred to herein as content filter 182. Insome aspects, content filter 182 comprises a software mechanism forclassifying content 160 as either spam or not spam. In some aspects,content 160 may be run through content filter 182 to produce a filtertest result 188, which is calculated based upon a predetermined set ofrules, i.e. the filter mechanism.

There are many techniques for classifying content as spam or as notspam. These techniques are represented by content filter 182 andinclude, but are not limited to: host-based filtering; rule-basedfiltering; Bayesian statistical analysis; noise filters; and SenderPolicy Framework (“SPF”) or Sender Identification (ID) filters.Host-based and rule-based filters, for example, examine content for“spam-markers” such as common spam subjects, known spammer addresses,known mail forwarding machines, or simply common spam phrases. In oneaspect, such as in cases when the content comprises a message, theheader and/or the body of the message may be examined for these markers.Another method is to classify as spam all content from unknownaddresses.

Bayesian filtering compares content that others have received to findcommon spam content, and accomplishes this by tokenizing a large corpusof spam and a large corpus of non-spam. The theory behind Bayesianfiltering is that certain tokens will be common in spam content anduncommon in non-spam content, and certain other tokens will be common innon-spam content and uncommon in spam content. When content is to beclassified, it is tokenized to see whether the tokens are more likethose of spam content or those of non-spam content.

Noise filters are a form of Bayesian filters that target spam containingnumerous random words rarely used in sales promotions. Spammers hope tothwart Bayesian filters by minimizing promotion language and by makingthe spam appear to be personal correspondence. There are three primarysteps employed by Bayesian noise reduction filters. The first step ispattern learning, where patterns are created and their dispositionlearned by the filter. The second step may use the patterns learned andperforms “dubbing” or elimination of tokens whose disposition isinconsistent with the pattern of text they belong to. The third step mayperform concurrent elimination of data from the sample up to a stopmarker. Once a stop marker has been reached, certain checks may beperformed on the length of the concurrent elimination to determine ifthe elimination should be made permanent.

Sender Policy Framework (“SPF”) or Sender Identification (ID) filtersprotects against return-path address forgery and makes it easier toidentify spoofs. SPF operates by having domain owners identify sendingmail servers in domain name servers (“DNS”). SMTP receivers verify theenvelope sender address against this information, and can distinguishauthentic content from forgeries before any content data is transmitted.

Furthermore, because large files may have an adverse affect on thewireless device 102, such as by using memory or processing capability,or on the network 101, such as by using bandwidth, content may beidentified as spam based upon the size of the content transmittedto/from the wireless device 102.

Any one or any combination of the filtering mechanisms disclosed hereinmay be incorporated within filter module 180 to detect unwanted content.Furthermore, any filter 182 within filter module 180 may be associatedwith a specific content destination 172, thereby enabling the anti-spamengine 138 to select specific filters within filter module 180 to applyagainst a particular content 160 based upon the intended destination.

For example, control logic 162 is operable to parse the parameters fromcontent filter configuration file 170, and in conjunction with thestatistic collector/reporter 168, which may include any combination ofhardware, software, firmware, data and executable instructions, isoperable to monitor and analyze all content 160 received by and/orgenerated for transmission from wireless device 102. In yet otherembodiments, only content 160 having a given content destination 172 maybe intercepted for processing by the anti-spam engine 138. Further, insome embodiments, the same content filter 182 may be applied to allcontent 160.

In other embodiments, different spam filters 182 may be applied todifferent content 160 based on, for example, at least one of a networkservice provider associated with the wireless device, a hardwarecharacteristic associated with the wireless device, a predeterminedcharacteristic associated with the content destination, and a hardwarerequirement associated with the content, as discussed in detail above.

Regardless of the source and destination of monitored content, anti-spamengine 138 applies a specific content filter 182 to each content 160,generates calculated filter test result 188, compares result 188 withthe corresponding predetermined filter test result 174, and classifiesthe given content 160 as spam content 163 or as authorized content. Ifclassified as spam content 163, anti-spam engine 138 may then store thecontent in quarantine folder 164 and/or may automatically delete thecontent depending upon storage limit 176. If not classified as spam,then anti-spam engine 138 initiates the delivery of content 160 to theintended content destination 172.

Further, for spam content 163, statistic collector/reporter 168 isoperable to collect and save user-defined and/or content filterconfiguration-defined information based on reporting parameter 178. Forinstance, statistic collector/reporter 168 may log: device/configurationinformation 141, such as one or a combination of anti-spam engine ID 139and/or content filter configuration 171, for example, to identify howcontent 160 was filtered, and wireless device information such ashardware and software information, for example, information identifyingthe model of the device, the resident hardware, the resident software,the state of selected hardware and/or software components, etc. andgenerally any information that may be useful in troubleshooting ordetermining a diagnostic status of wireless device 102; all or aselected portion 173 of the given content 160 and/or informationassociated with the content, including but not limited to: thecalculated filter test result 188; the content destination 172; andsource information 186 identifying the originator of the content andincluding, for example, a URL, a telephone number, a MAC address, anE-mail address of the spam generator 122, and a an identification of thegenerating client application 140 on the wireless device. Thecollected/calculated information may be saved in memory 136 as part ofspam log 184, where the size of the spam log 184 may be, in one aspect,configurable as well.

Furthermore, for content 160 classified as spam content 163 and storedin a separate quarantine folder 188, anti-spam engine 138 may alert auser of wireless device 102 of their presence in order to initiatereview of these content. Further, anti-spam engine 138 may track astorage space used and/or a time in storage and automatically deletespam content 163 based on storage limit parameter 176. The actions ofreviewing and/or deleting spam content 163 may be recorded in spam log184 is dictated by reporting parameter 178.

Through use of UI 166, the user may have access to all configurableparameters with the additional capability of marking specific content asunauthorized, i.e. placing the content into the quarantine folder 188,retrieving content previously designated as unauthorized content 163from quarantine folder 188, and controlling what spam elements to logand when to upload log 184. For example, a user may update contentfilter 182 upon reviewing unauthorized content 163 and providing aninput that identifies the given content as authorized content. Forinstance, the user may identify the source 186 of the given content as anon-spammer and/or an authorized source of content, and content filter182 may be updated accordingly.

Reporting parameter 178 may configure statistic collector/reporter 168to selectively transmit log file 184 to user manager 110 across wirelessnetwork 101. The timing of log transmission is non-limiting and may betransmitted at a predetermined time, a predetermined interval, and on anoccurrence of a predetermined event, such as upon detection of at leastone unauthorized content or upon request by an authorized remote device,such as user manager 110 or operator workstation 114. Further, reportingparameter 178 may determine to whom to allow local access to log 170,thereby allowing a remote device such as the user manager 110 access tomemory 136.

In one non-limiting aspect, spam log 170 may be transmitted over an opencommunication connection between the wireless device 102 and thewireless network 101. For example, anti-spam engine 138 may “piggyback”spam log 170 onto an ongoing voice or data call across an openconnection. Alternatively, in a cellular network configuration,anti-spam engine 138 may transmit spam log 170 to user manager 110through short message service (“SMS”). Furthermore, as noted above, usermanager 110 may “pull” log 170 from the wireless device 102 across thenetwork 101 on a scheduled or ad hoc basis.

Non-limiting, anti-spam engine module 138 may also include a localwireless device control module 183. Under control of control logic 162,local wireless device control module 183 may execute a locally orremotely generated control command 185 on the wireless device 102. Thelocal device control module 183 may request authorization of a controlcommand 185 before its execution.

For example, control command 185 may be any operation executable onwireless device 102 including, but not limited to, receiving andactivating a content filter configuration file 170 downloaded from thenetwork 101 and uploading log file 184 to the network 101.

Further, anti-spam engine module 138 may include a limited serviceconfiguration 187 operable to establish a limited-access communicationschannel across the wireless network 101 generally not available to theuser of wireless device 102. For example, the limited-accesscommunications channel may be used for transmitting log file 184,receiving a content filter configuration file 170, as well as forreceiving/generating control command 185.

The identification and set-up of the limited-access communicationschannel may be based on a limited service setting 189. Limited servicesetting 189 may identify the type of communications that are allowed,and may identify the associated communication channels that can beutilized. Limited service configuration 187 may be received over thewireless network 101, may be locally transferred to wireless device 102,such as through a serial connection, or may be preloaded on the wirelessdevice 102.

Referring to FIG. 4, user manager 110 may be a server, personalcomputer, mini computer, mainframe computer, or any computing deviceoperable to analyze and take proactive measures to block spam from thenetwork 101. In some aspects, user manager 110 may operate inconjunction with operator workstation 114 to perform these functions.The user manager 110 may comprise user manager anti-spam module 190,which may include at least one of any type of hardware, software,firmware, data and executable instructions operable to generate contentfilter configuration file 170 and analyze spam log 184 from wirelessdevice 102.

Furthermore, there may be separate servers or computer devicesassociated with user manager 110 working in concert to provide data inusable formats to parties, and/or provide a separate layer of control inthe data flow between the wireless device 102 and user manager anti-spammodule 190. User manager 110 may send software agents or applications towireless device 102 across wireless network 101, such that the wirelessdevice 102 returns information from its resident applications andsubsystems 150.

Referring to FIGS. 4 and 5, user manager anti-spam module 190 mayinclude a configuration generator module 198 that comprises hardware,content, software and/or any other associated logic allowingconfiguration generator module 198 to generate content filterconfiguration file 170. In one aspect, configuration generator module198 may be operable to assemble the various components of a givencontent filter configuration file 170 based on selections from a numberof configurable parameters.

For example, configuration logic 220 may provide an authorized user withthe ability to select from a menu of a plurality of content filters 208,i.e., host-based filtering, rule-based filtering, Bayesian statisticalanalysis, noise filters, and Sender Policy Framework (“SPF”) or SenderID filters.

In addition, configuration logic 220 may provide an authorized user withthe ability to select from a menu of a plurality of content destinations210, including but not limited to resident client applications 140 onwireless device 102 and network devices on network 101, in order togenerate content filter configuration file 170.

Similarly, configuration logic 220 may provide an authorized user withthe ability to select from a menu of at least one of a plurality ofreporting parameters 212, a plurality of control command parameters 206,and a plurality of predetermined filter score result values 216.Alternatively, rather than selecting the various configurationparameters individually, configuration logic 220 may provide anauthorized user with the ability to select from a menu of a plurality ofpredetermined content filter configurations 218, which may includepredetermined groupings of the above-noted parameters that comprisecontent filter configuration 170.

Furthermore, what may be considered as spam by one network carrier maynot be considered spam by another network carrier. Accordingly,configuration logic 220 may provide an authorized user with the abilityto select from a menu of a plurality of predetermined network providers219 to thereby associate a given configuration with a given networkservice provider. As such, different filtering configurations may begenerated for different network providers, and a device roaming from oneprovider to the next may resultingly receive a new filteringconfiguration and filter out different content depending on the networkprovider.

In addition, identification of spam may be dependent upon the specificwireless device in operation. For example, since spam may be based onthe size of the content, the use of more than a predetermined portion ofmemory may cause content to be classified as spam. In this case, sincedifferent wireless devices have different memory sizes, such a spamdefinition may be device-specific. Other examples may be based on theprocessing ability, the graphics ability, etc. of the given wirelessdevice. Accordingly, configuration logic 220 may provide an authorizeduser with the ability to select from a menu of a plurality ofpredetermined wireless device types 213.

Once the specific parameters of a given content filter configuration 170are determined, then configuration logic 220 may assign uniqueconfiguration ID 171 to the given configuration, and may store thisconfiguration in a library for later recall, such as among plurality ofpredetermined anti-spam content filter configurations 218. Further,configuration logic 220, and/or another component of user manageranti-spam module 190, may be operable to transmit configuration 170 toone or more wireless devices 102. In some embodiments, a command 185 maybe transmitted to activate the transmitted configuration 170, or theanti-spam engine 138 on the wireless device itself may be configured toactivate the newly transmitted configuration upon download.

User manager anti-spam module 190 may include information repository 194for storing one or more spam logs 184 from one or more wireless devices102. Information repository 194 may include any type of memory orstorage device compatible with user manager anti-spam module 190.

In addition, user manager anti-spam module 190 may comprise analyzer 202and report generator 204. Analyzer 202 may include hardware and analysislogic, such as decision-making routines, statistical programs, andcombinations thereof, for analyzing and interpreting logs 184 andgenerating report 205. Furthermore, user manager anti-spam module 190may be operable to make report 205 available for viewing by anauthorized user, as well as to generate and transmit an E-mail message,including at least portions of report 205, to a networked device, suchas to operator workstation 114. For example, report 205 may groupunauthorized content 163 based on predetermined parameters, such as theoriginator/sender, the destination wireless device and/or clientapplication, some portion of the content, such as a word, name or file,etc.

Referring to FIG. 6, the user manager anti-spam module 190 may furthercomprise a remote device control module 200 operable, by execution ofcontrol logic 230, to receive/generate control command 185 to/fromoperator workstation 114 and/or wireless device 102. For example,control command 185 may comprise operator identification (“ID”) 232 anda control activity 234. Operator ID 232 may be some manner ofidentifying the originator of control command 185. For example, operatorID 234 may be a name, a number, a digital signature, a hash, or anyother type of data or value that may be associated with an authorizeduser. Further, operator ID 232 may not be explicitly contained in thecontrol command 185, but rather derived from the origin of controlcommand 185.

Control activity 234 may be the operation to be performed on wirelessdevice 102 by anti-spam engine module 138 through executing controlcommand 185. As mentioned above, the operation may include downloadingconfiguration 170 and uploading log 184. Before executing or forwardingthe control command 185, remote device control module 200 may executepermission logic 236 to verify the authenticity or authority of theparty issuing control command 185.

For instance, certain operators may be restricted to certain controlactivities, or restricted to controlling certain wireless devices. Theauthorization of a control command 185 may simply be a prompt tooperator workstation 114 to confirm whether operator workstation 114actually wishes to execute control activity 234 on wireless device 102.Alternatively, permission logic 236 may parse operator ID 232 andcontrol activity 234 from control command 185 and correlate theseparameters with a database of a plurality of operator IDs 226, aplurality of control permissions 224 and a plurality of wireless deviceidentifications (IDs) 228, in order to generate a permission decision222.

It should be noted, however, that the plurality of operator IDs 270, theplurality of control permissions 224 and the plurality of wirelessdevice identifications (IDs) 228 may be correlated in any manner. Forexample, control command 185 may contain an operator ID 232 and acontrol activity 234 of “update content filter configuration file” for aparticular one of the plurality of wireless device identifications 228.Permission logic 236 may search the database of control permissions 224and operator IDs 226 to determine if the operator was permitted to“push” a new configuration on the given wireless device 102.

Referring now to FIG. 7, operator workstation 114 may be operable toenable an authorized user to review report 205, communicate with a userof wireless device 102, download the anti-spam engine 138 and/or contentfilter configuration file 170 to wireless device 102, and upload thespam log 184 from the wireless device 102. Furthermore, the operator,though the operation of the operator workstation 114, may be operable torequest that the message center 118 block specific spam from accessingthe network 101.

Operator workstation 114 may comprise an input mechanism 248, and anoutput mechanism 250 interconnected to a computer platform 240. Theinput mechanism 248 and the output mechanism 250 may be similar to theirrespective counterparts, 132 and 134, on wireless device 102.

The operator workstation 114 may further comprise a memory 246 forstoring applications and data files, a processing engine 242, and acommunications module 244 operable to transmit and receive contentbetween the operator workstation 114, the user manager 110, wirelessdevice 102, as well as any network component on wireless network 101.Furthermore, the communications module 244 may be operable to transmitvoice over the network 101, thereby allowing an operator to engage invoice communications with any wireless device user or other authorizedpersonnel.

Memory 246 may comprise an operator control module 252 made executableby processing engine 242. As the number of operator workstations 114 andthe number of operators are non-limiting, an operator ID parameter 232,previously discussed in reference to FIG. 6, may be entered into memory246 to log in to the network 101 and identify that operator to networkcomponents.

The operator control module 252 may itself comprise operator anti-spamlogic 254 operable in conjunction with Graphic User Interface (GUI)logic 256, input mechanism 248, and output mechanism 250, to guide theoperator through any spam analysis and command activity selection andtransmission. The GUI logic 256 may control, for example, browsercommunications, E-mail communication, text messaging, voicecommunication, report presentation, as well providing a menu forselecting and transmitting any control command 185 to the user manager110 and wireless device 102.

The operator control module 252 may further comprise a remote devicecontrol module 260 similar to the remote device control module 200 ofthe user manager module 190. Similar to the remote device control module200, the operator-based remote device control module 260 may generate acontrol command 185 operable on the wireless device 102 to perform avariety of activities, including, but not limited to: uploading log 184,downloading anti-spam engine 138 and/or configuration 170.

Although the user of operator workstation 114 may normally be a person,the workstation 114 may be a computing device comprising hardware,software, content, and combinations thereof for analyzing and respondingto report 205 or to an external communication such as from the user ofthe wireless device 102. Such software may include algorithms,decision-making routines, statistical programs, etc. for analyzing andinterpreting report 205. Further, as with the user manager anti-spammodule 190, the operator workstation 114 may reside on any networkdevice of wireless network 101, such as on user manager 110, anotherserver connected to the network, or even on a wireless device 102.

Referring to FIG. 1, wireless network 101 may include any communicationsnetwork operable, at least in part, for enabling wireless communicationsbetween wireless device 102 and any other device connected to wirelessnetwork 101. Further, wireless network 101 may include all networkcomponents and all connected devices that form the network. For example,wireless network 101 may include at least one, or any combination, of: acellular telephone network; a terrestrial telephone network; a satellitetelephone network; an infrared network such as an Infrared DataAssociation (“IrDA”)-based network; a short-range wireless network; aBluetooth® technology network; a ZigBee® protocol network; an ultra wideband (“UWB”) protocol network; a home radio frequency (“HomeRF”)network; a shared wireless access protocol (“SWAP”) network; a widebandnetwork, such as a wireless Ethernet compatibility alliance (“WECA”)network, a wireless fidelity alliance (“Wi-Fi Alliance”) network, and a802.11 network; a public switched telephone network; a publicheterogeneous communications network, such as the Internet; a privatecommunications network; and land mobile radio network.

Suitable examples of telephone networks include at least one, or anycombination, of analog and digital networks/technologies, such as: codedivision multiple access (“CDMA”), wideband code division multipleaccess (“WCDMA”), universal mobile telecommunications system (“UMTS”),advanced mobile phone service (“AMPS”), time division multiple access(“TDMA”), frequency division multiple access (“FDMA”), orthogonalfrequency division multiple access (“OFDMA”), global system for mobilecommunications (“GSM”), single carrier (“1X”) radio transmissiontechnology (“RTT”), evolution data only (“EV-DO”) technology, generalpacket radio service (“GPRS”), enhanced data GSM environment (“EDGE”),high speed downlink data packet access (“HSPDA”), analog and digitalsatellite systems, and any other technologies/protocols that may be usedin at least one of a wireless communications network and a datacommunications network.

Referring back to FIG. 1, message center 118 may include a processor, amemory and a middleware program disposed in the memory, the middlewareprogram operable to handle content sent for use by other programs usinga messaging application program interface (API). A messaging center canusually queue and prioritize content as needed and saves each of theclient programs from having to perform these services.

FIG. 8 illustrates a non-limiting cellular telephone system 270 andcomprises at least one wireless device 102 and a cellular wirelessnetwork 288 connected to a wired network 280 via a wireless carriernetwork 284. Cellular telephone system 270 is merely exemplary and mayinclude any system whereby remote modules, such as wireless devices 102communicate packets including voice and data over-the-air between andamong each other and/or between and among components of wireless network288, including, without limitation, wireless network carriers and/orservers.

According to system 270, user manager 110 may communicate over the wirednetwork 280 (e.g. a local area network, LAN) with data repository 274for storing spam information, such as spam log 184, gathered from thewireless device 102. Further, a data management server 278 may be incommunication with user manager 110 to provide post-processingcapabilities, data flow control, etc. User manager 110, data repository274 and data management server 278 may be present along with any othernetwork components needed to provide cellular telecommunicationservices. It is through the user manager 272, the data repository 274,and the data management server 278, that spam detected by the wirelessdevice 102 may result in the carrier network 284 eventually blocking thedetected spam from wireless devices 102 and/or network 288.

User manager 110, and/or data management server 278 may communicate withthe carrier network 284 through data links 282 and 286, such as theInternet, a secure LAN, WAN, or other network. Carrier network 284 maycontrol the transmission of content (generally being data packets) sentto a mobile switching center (“MSC”) 290. Further, carrier network 284communicates with MSC 290 by a network 286, such as the Internet, and/orPOTS (“plain old telephone service”). Typically, in network 286, anetwork or Internet portion transfers data, and the POTS portiontransfers voice information.

MSC 290 may be connected to multiple base stations (“BTS”) 294 byanother network 292, such as a data network and/or Internet portion fordata transfer and a POTS portion for voice information. BTS 294ultimately broadcasts content wirelessly to the wireless devices, suchas wireless device 102, by short messaging service (“SMS”), or otherover-the-air methods.

Referring to FIG. 9, a flowchart illustrating a method of spam detectionon a wireless device may include obtaining anti-spam engine 138 at step360. For example, the anti-spam engine module 138 may be embodied withinthe hardware and/or content of the wireless device 102 during themanufacture of the device 102. Alternatively, the anti-spam engine 138may be “pushed” by user manager anti-spam module 190 to the wirelessdevice 102 or “pulled” from a user manager anti-sparn module 190 by thewireless device 102 across a wireless network 101.

At step 362, content filter configuration 170 may be obtained by thewireless device 102, in a similar manner as anti-spam engine 138, andmay comprise parameters defining at least one content filter 182 andreporting parameter 178.

At step 364, the method includes intercepting content 160 on thewireless device 102 prior to delivery to a content destination. Forexample, content 160 may be intended for at least one client application140 resident on wireless device 102, i.e., browser client, IM client,SMS client, MMS client, and E-mail client, is intercepted prior todelivery to the intended client application. In other embodiments,content 160 may be generated on the wireless device and is interceptedprior to being transmitted by communications module 152 to anotherdevice on network 101.

At step 366, at least one filter 182 may be applied to the content 160.For example, the filter may be any spam filtering mechanism 182, suchas: a host-based filter; rule-based filter, i.e., filtering out contenthaving a size greater than a user determined size, where the filter maybe specific to a given network carrier; Bayesian statistical filter;noise filter; and Sender Policy Framework (“SPF”) or SenderIdentification (ID) filter. At step 368, content filter test result 174is determined based upon the application of the at least one filter 182to the content 160. The calculated filter test result 174 may be a valuethat when compared to predetermined filter test result 188 at step 370,is operable to determine whether the content 160 is spam.

If the content classification indicates that the content 160 is notspam, the content may, at step 372, be forwarded to the respectivecontent destination 172, which may be a wireless device resident clientapplication or another network device. Alternatively, if the contentclassification indicates that the content 160 is likely spam, thecontent is not forwarded to the intended client application.Furthermore, the content 160 may, at step 374, be stored in quarantinefolder 163 as spam content 163 until such time or other predefinedcondition when the spam content 163 may be deleted at step 376. Thepredefined condition, such as storage limit 176, may be obtained fromthe content filter configuration 170. Furthermore, storing and deletingthe quarantined content 163 may be accomplished under control of acontrol command 185 as part of the local device control module 183.

In addition, upon determination of content 160 as spam at step 370, arecord may be entered into spam log 184 at step 378, comprising at leasta portion 173 of content 160, for example, content destination 172 andthe source 186 of the content, and the calculated filter test result188. The spam log 184 may then, at step 380, be provided to a remotedevice, such as the user manager 110 and the operator position 114 forfurther analysis.

At step 381, a message may be received by the wireless device 102 inresponse to the transmitted spam log 184. For example, the message maycomprise a control command 185 instructing the wireless device 102 toreceive and upload an update to content filter configuration 170.

FIG. 10 illustrates a flowchart of one aspect of a method, operable on anetwork device such as user manager 110, to manage content on a wirelessdevice. In one aspect the method includes, at step 382, providing ananti-spam engine to a wireless device. In one example, user manager 110may wirelessly transmit anti-spam engine 138, stored in the memory ofthe user manager, to the wireless device 102 over wireless network 101.

The method further includes, at step 384, generating a content filterconfiguration to the wireless device. For example, the user manager 110may generate content filter configuration 170. The user manager 110 maygenerate the filter configuration 170 upon request from at least one ofthe wireless device 102, the operator 114 or the user manager anti-spamlogic 192. The filter configuration 170 may be generated by theconfiguration generator module 198 based upon the parameters and logicshown in FIG. 5. At step 386, the content filter configuration 170 maybe provided to the wireless device 102. In one example, user manager 110may transmit configuration 170 to wireless device 102 over network 101.

At step 388, the method includes receiving a spam log from the wirelessdevice based on the content filter configuration. In one example, theuser manager 110 may receive at least one spam log 184 generated by atleast one wireless device 102 by applying content filter configuration170 to content 160, and transmitted over wireless network 101. The spamlog 184 may be stored in information repository 194 where it may befurther analyzed by analyzer 202, which may include hardware andanalysis logic, such as decision-making routines, statistical programs,and combinations thereof, for analyzing and interpreting logs 184.

Based upon a result of the spam log analysis, the user manager 110 may,at step 390, generate a report 205 and make this report available to anoperator 114. The report 205 may be made viewable on the user manager byan authorized user such as operator 114, or the user manager 110 maytransmit at least portions of the report 205 over network 101 to theoperator 114 as an E-mail.

Based upon an analysis of the spam log 184, either by an operator 114 orby the analyzer 202, the user manager 110 may, at step 392, eithergenerate or receive a revised content filter configuration 170. Prior toaccepting the content filter configuration 170 transmitted by theoperator position 114, the remote device control module 200 of the usermanager 110 is operable to verify the authorization of the operator 114to update the configuration of the wireless device 102.

The revised content filter configuration 170 may be made available tothe wireless device 102 and/or the message center 118 at step 394. Allor some portion of the filter configuration 170 may be transmitted tothe wireless device 102 and/or the message center 118 over the wirelessnetwork 101. In some cases, the wireless device 102 may requestauthorization confirmation prior to accepting the revisions and theconfirmation may be provided by control command 185 generated by theremote device control module 200.

Referring to FIG. 11, some embodiments of a method of spam detection ona wireless device 102 may include receiving, at step 302, at least aportion of an anti-spam engine 138 onto wireless device 102. Forexample, the anti-spam engine module 138 may be embodied within thehardware and/or content of the wireless device 102 during themanufacture of the device 102. Alternatively, the anti-spam engine 138may be “pushed” by user manager anti-spam module 190 to the wirelessdevice 102 or “pulled” from a user manager anti-spam module 190 by thewireless device 102 across a wireless network 101 depending, forexample, on whether or not the wireless device 102 has the latestversion of the anti-spam engine module 138 for the respective wirelessdevice 102. The pushing or pulling of the anti-spam engine 138 to thewireless device 102 may be configurable in any manner, for example:being initiated by a predetermined event.

When activated, in some embodiments, anti-spam engine 138 may have arudimentary content filter configuration 170. In some embodiments, auser may further configure the anti-spam engine 138 by means of inputmechanism 132 and UI 166 at step 304. Alternatively, a new and/orupdated content filter configuration 170 may be “pushed” by a usermanager anti-spam module 190 to the wireless device 102, or may be“pulled” from a user manager anti-spam module 190 by the wireless device102, across wireless network 101 at step 306. The loading and activationof configuration 170 may be initiated in any manner, for example, by adhoc request by the user, by a predetermined event, such as activation,power up, and a predetermined schedule.

After configuration, the anti-spam engine 138 may, at step 310, operateon wireless device 102 as a background process, processing at least aportion of an incoming content received by communications module 152 andstored in memory. The content may be received, at step 308, from a spamgenerator 122. Although the statistic collector/reporter 168 may apply acommon filter 182 to all content types, in some embodiments, thestatistic collector/reporter 168 may determine a client identification172 associated with each content 160 and apply the corresponding filter182 to each content 160 based on the given content filter configuration170. Configurable client identifications may include, but are notlimited to browser, SSM, MMS, IM, and E-mail clients. Based upon aresult of applying rules comprising the applied filter, that is, a“filter result”, some content may be forwarded to their intended clientwhile other content may be classified as spam and stored in quarantinefolder 164.

In some aspects, the filter result 188 may result in a calculated valuethat when compared to a predetermined filter test value 174 is operableto determine whether the content is authorized or is to be classified asspam.

Depending upon the at least one spam-filter 182 and the parameters ofthe content filter configuration file 170, the anti-spam engine 138 maybe operable to detect received spam, quarantine the spam in quarantinefolder 164, and create a log entry in log 184. The log entry,configurable and non-limiting, may comprise the spam content 163 and/oradditional information, such sender information 186, filter result 188derived by applying content filter 182 to the received content, etc.

Furthermore, unauthorized content 163 stored in the quarantine foldermay be removed based on the storage limit parameter 176.

Based upon reporting parameters 178, log 184 may, at step 312, beuploaded to user manager anti-spam module 190. Such a mechanism mayinclude a standard HTTP, an FTP, or other data transfer protocol. Inother embodiments, the collected log file 170 may be uploaded using anycommunication means the wireless device 102 may access.

At step 314, user manager anti-spam module 190 may store spam log 184 ininformation repository 194, analyze the contents of the spam log, andgenerate a report 205 based upon that analysis.

At step 316, the user manager anti-spam module 190 may transmit thereport 205 to an operator workstation 114 for further analysis andaction. Report 205 may include any form of output that representsanalysis of log 184 and other information contained in the informationrepository 194, as well as any other associated information such asreports of spam, new filtering techniques, etc.

Although user manager anti-spam module 190 may generate report 205, theuser manager 110 and its corresponding components may be operable topresent a view of spam related information collected from the wirelessdevice 102 in any form, such as tables, maps, graphics views, plaintext, interactive programs or web pages, or any other display orpresentation of the data. For example, user manager anti-spam module 190may present content authorization related information on a monitor ordisplay device, and/or may transmit this information, such as viaelectronic mail, to another computer device for further analysis orreview through such mechanisms as through a standard HTTP, an FTP, orsome other data transfer protocol.

At step 318, an authorized user of operator workstation 114 may analyzereport 205 and decide, for example, to contact message center 118. Inone aspect, the operator workstation 114 may transmit, at step 320, anappropriately composed message to the user manager 110, to be forwarded,at step 322, to the message center 118. In an alternate embodiment, theoperator workstation may send a message directly to the message center118. Such a message may be in any format suitable to both the sender andreceiver, including, but not limited to, E-mail, SMS text messaging, andtelephonic communication.

Based upon the received message from the operator, the message center118 may update its own filters and at step 324, block future contentfrom spam generator 122.

FIG. 12 represents an additional aspect of the herein disclosed system100, in which a user of wireless device 102, upon receiving spam on atleast one of their wireless device resident client applications,contacts, at step 330, operator 114 regarding the accrued charges due tothe unsolicited content (“spam”). As disclosed above, the communicationbetween the user and the operator may be by electronic message or byreal-time voice communication.

The wireless device 102 may require a download of the anti-spam module138 or may simply require an update to the content filter configurationfile 170. At step 332, the operator workstation 114 is operable totransmit a message to the user manager 110 requesting the user managermodule 190 to “push,” at step 334, anti-spam module 138 and/or a contentfilter configuration file 170 to the wireless device 102.

Further at step 334, a control command 185 may be generated by theoperator workstation 114 and be forwarded to the wireless device 102.The control command 185 may operate to verify the authenticity andauthorization of the operator/user manager to command the wirelessdevice 102 to perform a specific action. In one non-limiting aspect,remote device control module 200 may execute permission logic 236 tomake permission decision 222 as to whether or not to relay an operatorgenerated control command 185 to a specific wireless device 102.

Whether or not the operator workstation 114 had initiated a download ofthe anti-spam engine 138 and/or the content filter configuration file170, new unauthorized or junk content, received by the wireless device102 at step 336, may, at step 338, be filtered and prevented fromreaching their targeted client. In addition, the filtered content arelogged in log file 170, which, based upon reporting parameters 178, maybe uploaded to user manger 110 for analysis at step 340. Similar to themessage sequence of FIG. 9, a report 205 may be generated by the usermanager 110 at step 342 and forwarded to the operator workstation 114 atstep 344.

Steps 346, 348, 350 and 352 of FIG. 12, operating similarly to steps318, 320, 322 and 324 of FIG. 11, enable the user of operatorworkstation 114 to analyze spam report 205 and take the appropriatesteps to have the message center 118 block similar spam attacks fromclogging network 101.

In another aspect (not shown), upon a user complaint, the operatorworkstation 114 may simply send a request to the wireless device 102 toupload the current log 184 and/or upload the currently activeconfiguration 170 without updating the content filter configuration file170, in order to determine the current level of spam protection on thewireless device 102.

The various illustrative logics, logical blocks, modules, and circuitsdescribed in connection with the embodiments disclosed herein may beimplemented or performed with a general purpose processor, a digitalsignal processor (DSP), an application specific integrated circuit(ASIC), a field programmable gate array (FPGA) or other programmablelogic device, discrete gate or transistor logic, discrete hardwarecomponents, or any combination thereof designed to perform the functionsdescribed herein. A general-purpose processor may be a microprocessor,but, in the alternative, the processor may be any conventionalprocessor, controller, microcontroller, or state machine. A processormay also be implemented as a combination of computing devices, e.g., acombination of a DSP and a microprocessor, a plurality ofmicroprocessors, one or more microprocessors in conjunction with a DSPcore, or any other such configuration.

Further, the steps of a method or algorithm described in connection withthe embodiments disclosed herein may be embodied directly in hardware,in a software module executed by a processor, or in a combination of thetwo. A software module may reside in RAM memory, flash memory, ROMmemory, EPROM memory, EEPROM memory, registers, a hard disk, a removabledisk, a CD-ROM, or any other form of storage medium known in the art. Anexemplary storage medium is coupled to the processor, such that theprocessor can read information from, and write information to, thestorage medium. In the alternative, the storage medium may be integralto the processor. The processor and the storage medium may reside in anASIC. The ASIC may reside in a user terminal. In the alternative, theprocessor and the storage medium may reside as discrete components in auser terminal.

While the foregoing disclosure shows illustrative aspects and/orembodiments, it should be noted that various changes and modificationscould be made herein without departing from the scope of the describedaspects and/or embodiments as defined by the appended claims.Furthermore, although elements of the described embodiments may bedescribed or claimed in the singular, the plural is contemplated unlesslimitation to the singular is explicitly stated. Additionally, all or aportion of any aspect and/or embodiment may be utilized with all or aportion of any other aspect and/or embodiment, unless stated otherwise.

What is claimed is:
 1. A method of providing an anti-spam module tomonitor all content incoming to a wireless device prior to beingreceived by any client application, comprising: intercepting content onthe wireless device prior to delivery of the content to a contentdestination and prior to delivery to a client application resident onthe wireless device; analyzing the content based on a content filter todetermine if the content comprises unwanted content and if the contentis determined to comprise unwanted content, a record is entered into aspam log, wherein the content filter is selected from a plurality ofcontent filters based on a network service provider of the wirelessdevice, and at least one of a hardware characteristic associated withthe wireless device, a predetermined characteristic associated with thecontent destination, and a hardware requirement associated with thecontent; based upon the analyzing of the content, forwarding the contentto the content destination or quarantining the content by the wirelessdevice; storing predetermined information of the content includingstoring at least one of a portion of the content, an identification of asource of the content, a calculated filter test result associated withthe content, and an identification of the content destination; andtransmitting the predetermined information to a remote device foranalysis of the predetermined information.
 2. The method of claim 1,wherein forwarding further comprises forwarding the content to at leastone of a browser client, an Internet Messenger client, a short messageservice (SMS) client, a multimedia message service (MMS) client, and anE-mail client.
 3. The method of claim 1, wherein intercepting furthercomprises intercepting prior to transmitting the content from thewireless device to a wireless network.
 4. The method of claim 1, whereinthe hardware characteristic comprises at least one of a processorcapability, a speaker capability, a ringer capability, a displaycapability, and a memory capability.
 5. The method of claim 1, whereinthe predetermined characteristic of the content destination comprises atleast one of an identification of a destination client applicationresident on the wireless device, and a number content destinationsassociated the content.
 6. The method of claim 1, wherein the hardwarerequirement comprises at least one of a wireless device processorrequirement, a wireless device audio component requirement, a wirelessdevice video component requirement, and a wireless device memorycomponent requirement.
 7. The method of claim 1, wherein quarantiningfurther comprises deleting the content based on a storage limitparameter.
 8. The method of claim 1, further comprising receiving thecontent filter from across a wireless network.
 9. The method of claim 1,further comprising receiving a reporting parameter of the contentfilter, wherein transmitting the predetermined information furthercomprises transmitting based on the reporting parameter.
 10. The methodof claim 1, wherein transmitting the predetermined information furthercomprises establishing a limited-access communications channel across awireless network based on a predefined limited service configuration.11. The method of claim 1, wherein analyzing further comprises: applyingthe content filter to the content; calculating a filter test resultbased upon application of the predetermined content filter to thecontent; comparing a calculated filter test result to a predeterminedfilter test result; and classifying the content as unwanted contentbased upon the comparison of the calculated filter test result and thepredetermined filter test result.
 12. The method of claim 1, furthercomprising receiving a revised content filter based on analyzing thecontent, and replacing the content filter with the revised contentfilter.
 13. The method of claim 1, wherein intercepting furthercomprises intercepting content received at a predetermined port of thewireless device.
 14. The method of claim 1, wherein intercepting contentfurther comprises initiating the content filter on the wireless device,wherein initiating includes at least one of an ad hoc request by a useror a predetermined event, wherein the predetermined event includes atleast one of: activation, or power up, or a predetermined schedule. 15.A tangible non-transitory computer readable medium comprisinginstructions when executed by a computer to cause the computer toperform operations of providing an anti-spam module to monitor allcontent incoming to a wireless device prior to being received by anyclient application, comprising: intercepting content on a wirelessdevice prior to delivery of the content to a content destination whereinintercepting content on a wireless device further comprises interceptingprior to delivery of the content to a content destination; analyzing thecontent based on a content filter to determine a content classification,wherein the content filter is selected from a plurality of contentfilters based on a network service provider of the wireless device, andat least one of a hardware characteristic of the wireless device, apredetermined characteristic associated with the content destination,and a hardware requirement of the content; based upon the contentclassification, forwarding the content to the content destination orquarantining the content by the wireless device; storing predeterminedinformation of the content including storing at least one of a portionof the content, an identification of a source of the content, acalculated filter test result associated with the content, and anidentification of the content destination; and transmitting thepredetermined information to a remote device for analysis of thepredetermined information.
 16. A wireless device for providing ananti-spam module to monitor all content incoming to a wireless deviceprior to being received by any client application; comprising: means forintercepting content on the wireless device prior to delivery of thecontent to a content destination; means for analyzing the content basedon a content filter to determine a content classification wherein thecontent filter is selected from a plurality of content filters based ona network service provider of the wireless device, and at least one of ahardware characteristic of the wireless device, a predeterminedcharacteristic associated with the content destination, and a hardwarerequirement of the content; means for forwarding the content to thecontent destination or quarantining the content, based upon the contentclassification by the wireless device; means for storing predeterminedinformation of the content including storing at least one of a portionof the content, an identification of a source of the content, acalculated filter test result associated with the content, and anidentification of the content destination; and means for transmittingthe predetermined information to a remote device for analysis of thepredetermined information.
 17. A wireless device for providing ananti-spam module to monitor all content incoming to a wireless deviceprior to being received by any client application, comprising: ananti-spam engine operable to intercept content on the wireless deviceprior to delivery of the content to a content destination, the anti-spamengine comprising a content filter selected from a plurality of contentfilters based on a network service provider for the wireless device, andat least one of a hardware characteristic for the wireless device, apredetermined characteristic of the content destination, and a hardwarerequirement for the content; and control logic intercommoned with theanti-spam engine and operable to apply the content filter to the contentand determine if the content comprises unwanted content, wherein thecontrol logic is further operable to forward the content to the contentdestination if the content does not comprise unwanted content orquarantine the content if the content comprises unwanted content;wherein the anti-spam engine is further configured to storepredetermined information of the content including storing at least oneof a portion of the content, an identification of a source of thecontent, a calculated filter test result associated with the content,and an identification of the content destination; and wherein thewireless device is configured to forward the predetermined informationto a remote device for analysis of the predetermined information. 18.The wireless device of claim 17, further comprising a memory moduleoperable to store at least one client application, and wherein thecontent destination comprises the client application.
 19. The wirelessdevice of claim 18, wherein the control logic is further operable toforward the content to at least one of a browser client, an InternetMessenger client, a short message service (SMS) client, a multimediamessage service (MMS) client, and an E-mail client.
 20. The wirelessdevice of claim 17, further comprising a memory module operable to storeat least one client application operable to generate the content, andwherein the content destination comprises a destination wirelesslyconnectable with the wireless device.
 21. The wireless device of claim17, wherein the hardware characteristic comprises at least one of aprocessor capability, a speaker capability, a ringer capability, adisplay capability, and a memory capability.
 22. The wireless device ofclaim 17, wherein the predetermined characteristic associated with thecontent destination comprises at least one of an identification of adestination client application resident on the wireless device, and anumber content destinations associated the content.
 23. The wirelessdevice of claim 17, wherein the hardware requirement comprises at leastone of a wireless device processor requirement, a wireless device audiocomponent requirement, a wireless device video component requirement,and a wireless device memory component requirement.
 24. The wirelessdevice of claim 17, further comprising a memory module operable to storea quarantine log and a storage limit parameter, wherein the controllogic is further operable to store the content in the quarantine logbased on a storage limit parameter.
 25. The wireless device of claim 17,further comprising a memory module operable to store a spam log, whereinthe control logic is further operable, if the content comprises unwantedcontent, to store predetermined information associated with the contentin the spam log and transmit the spam log to a remote device foranalysis of the predetermined information.
 26. The wireless device ofclaim 25, wherein the control logic is operable to generate a calculatedfilter test result based on the application of the content filter to thecontent, and wherein the predetermined information further comprises atleast one of a portion of the content, an identification of a source ofthe content, the calculated filter test result associated with thecontent, and an identification of the content destination.
 27. Thewireless device of claim 25, wherein the memory module further comprisesa reporting parameter associated with the content filter, and whereinthe control logic is further operable to transmit the predeterminedinformation based on the reporting parameter.
 28. The wireless device ofclaim 25, wherein the memory module further comprises a limited serviceconfiguration, and wherein the anti-spam engine is further operable totransmit the predetermined information by establishing a limited-accesscommunications channel across a wireless network based on the limitedservice configuration.
 29. The wireless device of claim 17, wherein theanti-spam engine is further operable to receive the content filter fromacross a wireless network.
 30. The wireless device of claim 17, furthercomprising a memory module operable to store a predetermined filterresult corresponding to the content filter, wherein the control logic isfurther operable to apply the content filter to the content to generatea filter test result, compare the calculated filter test result to thepredetermined filter test result, and classifying the content asunwanted content based upon the comparison of the calculated filter testresult and the predetermined filter test result.
 31. The wireless deviceof claim 17, further comprising receiving a revised content filter basedon analyzing the content, and replacing the content filter with therevised content filter.
 32. The wireless device of claim 17, wherein thecontrol logic is further operable to apply the content filter to apredetermined port of the wireless device.
 33. The wireless device ofclaim 17, wherein the anti-spam engine is initiated on the wirelessdevice by at least one of an ad hoc request by a user or a predeterminedevent, wherein the predetermined event includes at least one of:activation, or power up, or a predetermined schedule.
 34. A method formanaging filtering of content on a wireless device to provide ananti-spam module to monitor all content incoming to a wireless deviceprior to being received by any client application, comprising: providinga predetermined content filter storable on the wireless device and areporting parameter to the wireless device, wherein the content filteris selectable from a plurality of content filters based on a networkservice provider for the wireless device, and at least one of a hardwarecharacteristic for the wireless device, a predetermined characteristicof the content destination, and a hardware requirement for the content;receiving, based on the reporting parameter, a spam log relating tocontent on the wireless device and filtered by the wireless deviceaccording to the predetermined content filter; generating a report basedon the spam log; and storing predetermined information of the contentincluding storing at least one of a portion of the content, anidentification of a source of the content, a calculated filter testresult associated with the content, and an identification of the contentdestination; wherein the wireless device is configured to be able totransmit the predetermined information to a remote device for analysisof the predetermined information.
 35. The method of claim 34, whereinthe spam log comprises information relating to at least one of incomingcontent received by the wireless device and outgoing content destinedfor transmission from the wireless device.
 36. The method of claim 34,further comprising providing a predetermined filter test result to thewireless device to enable the wireless device to determine whether toinclude a reference to the content in the spam log after subjecting thecontent to the content filter.
 37. The method of claim 36, wherein thecontent filter, when applied by the wireless device to the content, isoperable to generate a calculated filter test result for comparison withthe predetermined filter test result.
 38. The method of claim 34,wherein the reporting parameter is operable to define predeterminedinformation to store in the spam log.
 39. The method of claim 38,wherein the predetermined information further comprises at least one ofa portion of the content, an identification of a source of the content,a calculated filter test result associated with the content, and anidentification of the content destination.
 40. The method of claim 34,wherein providing the predetermined content filter and the reportingparameter further comprises forwarding across a wireless network to thewireless device.
 41. The method of claim 34, further comprisingforwarding a revised content filter to the wireless device based on thespam log.
 42. The method of claim 34, wherein the predetermined contentfilter filters content received at a predetermined port of the wirelessdevice.
 43. The method of claim 34, wherein providing the predeterminedcontent filter further comprising, providing the predetermined contentfilter that may be initiated on the wireless device by at least one ofan ad hoc request by a user or a predetermined event, wherein thepredetermined event includes at least one of: activation, or power up,or a predetermined schedule.
 44. A tangible non-transitory computerreadable medium comprising instructions, when executed by a computer,cause the computer to perform operations to provide an anti-spam moduleto monitor all content incoming to a wireless device prior to beingreceived by any client application, including: providing a predeterminedcontent filter storable on the wireless device and a reporting parameterto the wireless device, wherein the content filter is selectable from aplurality of content filters based on a network service provider for thewireless device, and at least one of a hardware characteristic for thewireless device, a predetermined characteristic of the contentdestination, and a hardware requirement for the content; receiving,based on the reporting parameter, a spam log relating to contentreceived by the wireless device and filtered by the wireless deviceaccording to the content filter; generating a report based on the spamlog; and storing predetermined information of the content includingstoring at least one of a portion of the content, an identification of asource of the content, a calculated filter test result associated withthe content, and an identification of the content destination; whereinthe wireless device is configured to be able to transmit thepredetermined information to a remote device for analysis of thepredetermined information.
 45. At least one processor configured toperform actions including: providing a predetermined content filterstorable on the wireless device and a reporting parameter to thewireless device, wherein the content filter is selectable from aplurality of content filters based on a network service provider for thewireless device, and at least one of a hardware characteristic for thewireless device, a predetermined characteristic of the contentdestination, and a hardware requirement for the content; receiving,based on the reporting parameter, a spam log relating to contentreceived by the wireless device and filtered by the wireless deviceaccording to the content filter; generating a report based on the spamlog; and storing predetermined information of the content includingstoring at least one of a portion of the content, an identification of asource of the content, a calculated filter test result associated withthe content, and an identification of the content destination; whereinthe wireless device is configured to be able to transmit thepredetermined information to a remote device for analysis of thepredetermined information.
 46. An apparatus for managing filtering ofcontent on a wireless device, comprising: means for providing apredetermined content filter storable on the wireless device and areporting parameter to the wireless device, wherein the content filteris selectable from a plurality of content filters based on a networkservice provider for the wireless device, and at least one of a hardwarecharacteristic for the wireless device, a predetermined characteristicof the content destination, and a hardware requirement for the content;means for receiving, based on the reporting parameter, a spam logrelating to content received by the wireless device and filtered by thewireless device according to the content filter; means for generating areport based on the spam log; and means for storing predeterminedinformation of the content including storing at least one of a portionof the content, an identification of a source of the content, acalculated filter test result associated with the content, and anidentification of the content destination; wherein the wireless deviceis configured to be able to transmit the predetermined information to aremote device for analysis of the predetermined information.
 47. Anapparatus for managing filtering of content on a wireless device,comprising: a generator module operable to generate a content filterconfiguration comprising at least one predetermined content filterstorable on the wireless device and a reporting parameter, wherein thecontent filter is selectable from a plurality of content filters basedon a network service provider for the wireless device, and at least oneof a hardware characteristic for the wireless device, a predeterminedcharacteristic of the content destination, and a hardware requirementfor the content; an anti-spam module operable to forward the contentfilter configuration to the wireless device and operable to receive,based on the reporting parameter, a spam log relating to contentreceived by the wireless device and filtered by the wireless deviceaccording to the spam filter; and a report generator operable togenerate a report based on the spam log; wherein the anti-spam module isfurther configured to store predetermined information of the contentincluding storing at least one of a portion of the content, anidentification of a source of the content, a calculated filter testresult associated with the content, and an identification of the contentdestination; and wherein the wireless device is configured to be able toforward the predetermined information to a remote device for analysis ofthe predetermined information.
 48. The apparatus of claim 47, whereinthe spam log comprises information relating to at least one of incomingcontent received by the wireless device and outgoing content destinedfor transmission from the wireless device.
 49. The apparatus of claim47, wherein the content filter configuration further comprises apredetermined filter test result to enable the wireless device todetermine whether to include a reference to the content in the spam logafter subjecting the content to the content filter.
 50. The apparatus ofclaim 49, wherein the content filter, when applied by the wirelessdevice to the content, is operable to generate a calculated filter testresult for comparison with the predetermined filter test result.
 51. Theapparatus of claim 47, wherein the reporting parameter is operable todefine predetermined information to store in the spam log.
 52. Theapparatus of claim 51, wherein the predetermined information furthercomprises at least one of a portion of the content, an identification ofa source of the content, a calculated filter test result associated withthe content, and an identification of the content destination.
 53. Theapparatus of claim 47, wherein the anti-spam module is further operableto forward the predetermined content filter and the reporting parameteracross a wireless network to the wireless device.
 54. The apparatus ofclaim 47, wherein the anti-spam module is further operable to forward arevised content filter configuration to the wireless device based on thespam log.
 55. The apparatus of claim 47, wherein the predeterminedcontent filter is further configured to filter content received at apredetermined port of the wireless device.
 56. The apparatus of claim47, wherein the predetermined content filter is further configured to beinitiated on the wireless device by at least one of an ad hoc request bya user or a predetermined event, wherein the predetermined eventincludes at least one of: activation, or power up, or a predeterminedschedule.